Being the very nostalgic sad geek that I am (and very new to linux) I was about to install this -
http://fuse-emulator.sourceforge.net (a zx spectrum 48k emulator)
Did I mention I am new to Linux? So I looked at the download section and it is telling me something about PGP singantures, so I think what is this? So I type it into Google and I get back all this stuff that is starting to hurt my brain and looks like binary code, so in essence, can anyone give me a very very very (very very very) basic rundown on what a PGP signature is and how I can use it or even if I need to use it, all I know so far is that it has something to do with security, so Id like to know more, now I am worried this download is insecure, this is beginning to remind me of the dark days (when I had windows and was worried about sypware) can PGP help me be more secure on my shiney new Linux machine?
If so, how, someone tell me, please.

Thanks

The short answer.....A PGP signature is a way of verifying that you are actually you.

The longer answer......

PGP (or GPG its open source equivalent) is a piece of software that generates two keys used for encryption, a public key and a private key. The upshot is that anything encrypted using one of the keys can only be unencrypted using the other. So in this case, if you encrypt a signature with your private key, anyone in possession of your public key can unencrypt the signature and be assured that you are actually you. You can also use PGP keys to encrypt a great deal more than just a signature. For example, you could encrypt any text like an email, and it would therefore only be readable by people who have your public key. Furthermore, anyone with your public key could ecrypt email or files and only you could unencrypt them with your private key (assuming you've been good and your private key hasn't gotten loose).

There are actually reams of discussions on proper key security and authentication, but hopefully this gives you a basic grasp of what PGP is about.

Okay cool Thanks for that I understand now

Although - in regards to the site link that I posted, how can I use this system to verify the software has come from the guy who made it? Do I need a picece of software to read his signature files? or doesnt it work like that?

Thanks for your help

Go to http://www.gnupg.org. Download and install (requires that you know how to 1) compile/install software or 2) RTFM). Then download a file along with the verification signature and do the following:If all is well, you should see several lines of output but one of the first couple will say "Good signature from...". If you see a message such as then you need to obtain this individuals public key:then run the first instruction again.